<?php
if (!$do || $do == 'editEvt' || !$_REQUEST['evtType'] || $do === 'addEvtType') {
   if ($do === 'addEvtType') {
      mysql_query(" INSERT INTO `event` SET `name`='".$_REQUEST['evtName']."',`filename`='".$_REQUEST['evtFilename']."',`play_as`='".$_REQUEST[evtPlayAs]."',`log_type`='".$_REQUEST[evtLogType]."' ");
   }
   $evtQuery = mysql_query("SELECT * FROM `event` ORDER BY `name` ASC ");
   $i=0;
   // make an array $evt with all the event values from the DB.
   while ($evt[$i++] = mysql_fetch_array($evtQuery));
   array_pop($evt); // we need array_pop to take off the last (null) value, generated by a false while 
   ?>
   <form name="selEvt" action="?mode=evt" method="post">
   <fieldset><legend>Edit/upload event files</legend>
   Event: <select name="evtType"><?php
   for ($i=0; $i<count($evt); $i++) printf('<option value="%s">%s</option>', $evt[$i][id], trunc($evt[$i][name], 16));
   ?></select>
   <input type="hidden" name="do" value="editEvtFiles" />
   <input type="submit"  value="submit" />
   </fieldset>
   </form>
   
   <form name="editEvt" action="?mode=evt" method="post" >
   <fieldset><legend>edit events</legend>
   <table>
   <?php
   for ($i=0; $i<count($evt); $i++) {
      printf('<tr><td><input type="checkbox" value="%s" /></td><td>%s</td></tr>', $evt[$i][id], $evt[$i][name]);
   }
   ?></table><input type="submit" value="submit" /></fieldset></form>
   
   <form name="addEvt" action="?mode=evt" method="post"><fieldset><legend>Add new event type</legend>
   event name: <input type="text" name="evtName" onInput="var filename = this.value.replace(/\W/g, ''); updEvtFilename(filename)" /><br />
   folder name: <span id="evtFilename"><input type="text" name="evtFilename" /></span> (no spaces/funky characters)<br />
   <input type="checkbox" checked="checked" name="evtLogType" value="2" /> include/replace in generated playlists<br />
   replace playlist entries with: <select name="evtPlayAs"><option value="">none (has own files)</option><?php
   for ($i=0; $i<count($evt); $i++) printf('<option value="%s">%s</option>', $evt[$i][id], trunc($evt[$i][name], 16));
   ?></select><input type="hidden" name="do" value="addEvtType" /> <br />
   <input type="submit" value="Add event type" />
   </fieldset></form>
   
      
   <?php 
} else {
   if ($_REQUEST['evtType']) {
      $evtType = $_REQUEST['evtType'];
      $evtName = mysql_result(mysql_query("SELECT `name` FROM `event` WHERE `id`='".$evtType."' LIMIT 1 "), 0);
      ?>
      <form enctype="multipart/form-data" name="addEvtFiles" action="?mode=evt" method="POST">
      <input type="hidden" name="MAX_FILE_SIZE" value="30000000" />
      upload a new <?=$eventname?> event: <input name="userfile" type="file" /><br />
      name for the event: <input type="text" name="evtName" /><br />
      <input type="hidden" name="evtType" value="<?=$evtType?>" />
      <input type="hidden" name="do" value="addEvtFile" />
      <input type="submit" value="Send File" />
      </form>
      
      <form action="?mode=evt" name="editEvtFiles" method="post">
      Existing files:<br />
      <?php
      $evtFileQuery = mysql_query("SELECT * FROM `event_files` WHERE `eventtype`='".$evtType."' ");
      while ($evtFile = mysql_fetch_array($evtFileQuery)) {
         printf($evtFile[name]);
      }
      ?>
      </form>
      <?php 
   }
   if ($do == 'addEvtFile') {
      $uploaddir = '/var/music/EVENTS/test/';
      $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
      
      echo '<pre>';
      if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
         echo "File is valid, and was successfully uploaded.\n";
         mysql_query("
          INSERT INTO `event_files`
          SET
          `eventtype`='".$_REQUEST['evtType']."',
          `filepathname`='".$uploadfile."',
          `name`='".mysql_real_escape_string($_REQUEST['evtName'])."'
          ") or die(mysql_error());
      } else {
         echo "Possible file upload attack!\n";
      }
      
      echo 'Here is some more debugging info:';
      print_r($_FILES);
      
      print "</pre>";
   }
      
}
?>